2014-01-04, 10:22 AM
(This post was last modified: 2014-01-04, 10:34 AM by JordanMussi.)
MyCode
Output
Using
Suggested regular expression
You should also apply this to your other threads:
http://community.mybb.com/thread-149604.html
http://community.mybb.com/thread-149606.html
http://community.mybb.com/thread-149607.html
[break]"></iframe><iframe src="http://malicious-site.com/[/break]Output
<iframe width="464" height="290" src="http://www.break.com/embed/"></iframe><iframe src="http://malicious-site.com/" allowfullscreen="" frameborder="0" scrolling="no"></iframe>Using
(.*?) can allow anything to be accepted, leaving a site vulnerable to XSS. Using a regular expression like [a-zA-Z0-9], will allow the lower case alphabet, upper case alphabet and the numbers 0-9.Suggested regular expression
\[break\][a-zA-Z0-9]\[/break\]You should also apply this to your other threads:
http://community.mybb.com/thread-149604.html
http://community.mybb.com/thread-149606.html
http://community.mybb.com/thread-149607.html